Prerequisites

In the Tenant's AzureAD

• As an Administrator...
• Create a new dedicated Service Account, for example, HuntressAdmin@domain.tld.
  • This account must be a Global Administrator, at least for App Installation.
• HuntressAdmin@domain.tld must use Microsoft Multi-Factor Authentication either via Conditional Access or Per-User MFA.
  
  • Other MFA providers, e.g., Duo, will not work. Microsoft Documentation.
• Create a new Conditional Access Policy, for example, Huntress Conditional Access Policy
  • Assignments > Users > Include > Select user and groups ... HuntressAdmin@domain.tld
  • Grant > Grant access ... Require multifactor authentication
  • Enable policy ... On
• Edit each pre-existing Conditional Access Policy with State `On`
  
  • Assignments > Users > Exclude > Users and groups ... HuntressAdmin@domain.tld
• Navigate to the User Details view for HuntressAdmin@domain.tld
  • In the left-hand menu
    • Managed > Assigned Roles
      • Global Administrator (May be removed after enrollment)
      • Application administrator
      • Privileged authentication administrator
      • Security administrator
      • Exchange administrator
      • Authentication policy administrator
      • Intune administrator
      • User administrator
      • Teams administrator
      • Cloud application administrator
      • Conditional access administrator

How to enable Microsoft 365?

[CRITICAL] At a minimum, Incognito/Private browsing, with no extensions, is required.
Due to ongoing browser changes, we recommend using a virgin web browser container (e.g., Firefox).

Choose the Microsoft 365 integration

Select "Add Tenant Manually"

Choose Huntress Organization to map the Microsoft 365 Tenant to.

Sign in with a dedicated service account

If you did not see TWO Oauth logins, the second being for Exchange API, then the process was blocked by an AdBlocker or the like.